Tayvion Payton

DevOps Engineer

Dallas, Texas, United States · 8 yrs 11 mos experience

Key Highlights

  • Expert in enterprise threat detection and cloud security strategy.
  • Proven track record of developing scalable security systems.
  • Strong background in data loss prevention and vulnerability management.
Stackforce AI infers this person is a Cloud Security and Threat Detection expert in the SaaS industry.

Skills

Core Skills

Cloud Security · Threat Detection · Data Loss Prevention · Risk Assessment · Data Exfiltration · Vulnerability Management · Security Operations · Network Security · System Administration

Other Skills

Splunk · Tanium · GCP · Cisco ISE · McAfee ESM · Security Research · Linux Administration · Windows Administration · Digital Forensics · Terraform · AWS Identity and Access Management (AWS IAM) · Linux System Administration · Elastic Stack (ELK) · Elasticsearch · Technical Support

About

I drive enterprise threat detection and cloud security strategy by turning fragmented telemetry and ad-hoc detections into scalable, repeatable systems. I shape how security decisions scale consistently across the organization.

Experience

Total Experience: 8 yrs 11 mos
Average Tenure: 1 yr 4 mos
Current Experience: 10 mos

Take-Two Interactive

Lead Detection Engineer

Jul 2025 - Present · 10 mos · United States · Remote

  • Driving enterprise threat detection and cloud security strategy across Take-Two Interactive, including labels 2K, Zynga, Rockstar Games, and Ghost Story Games.
Cloud Security · Threat Detection · Security Operations

Ripple

Sr. Threat Detection Engineer - Threat Detection

Jul 2022 - Apr 2025 · 2 yrs 9 mos · Dallas, Texas, United States · Remote

Robinhood

Security Engineer - Insider Trust

Apr 2022 - Jul 2022 · 3 mos · Dallas-Fort Worth Metroplex · Remote

  • Enhanced data loss prevention by developing custom threat detections in Splunk, supported by metrics to track and demonstrate success in reducing exfiltration efforts.
  • Optimized Splunk's capacity for security log analysis by increasing data ingestion by 36%, enabling improved threat detection and response.
  • Provided strategic guidance to senior management on insider threats and emerging security trends, contributing to proactive risk mitigation and enhanced security posture.
  • Conducted in-depth technical security assessments of Splunk and Code42, identifying vulnerabilities and compliance gaps. Developed and presented actionable mitigation strategies to address identified risks.
Splunk · Data Loss Prevention · Threat Detection

Procore Technologies

Sr. Security Engineer

Jun 2021 - Mar 2022 · 9 mos

Citi

Security Engineer - Insider Threat

Nov 2020 - Jun 2021 · 7 mos · Irving, Texas, United States

  • Created a risk assessment Splunk dashboard, which correlated email and data loss prevention data. This dashboard baselined users' behavior, utilizing user behavior analytics with the goal of identifying abnormal behavior.
  • Created a playbook and Splunk dashboard that identified data exfiltration policy violations. The process allowed the team to quickly identify and investigate users.
  • Utilized DTEX and Proofpoint logs to create a Splunk dashboard that identified users that were exfiltrating compressed files through email.
Splunk · Risk Assessment · Data Exfiltration

Booz Allen Hamilton

Sr. Security Consultant

Mar 2019 - Nov 2020 · 1 yr 8 mos · Dallas, TX, United States

  • Provided engineering support building a Cyber Fusion Center by implementing Tanium FIM, Nexpose, and Splunk within AWS GovCloud.
  • Implemented Geo-Blocking as a Service; this service ran on GCP utilizing Kubernetes, Stackdriver, Gardener, and MaxMind. After implementing this service, I integrated the logs from Stackdriver & StackRox into Splunk, where I then created security use cases for alerting within the AWS & GCP environments.
  • Created dashboards and reports that provide metrics on vulnerability scanning coverage, vulnerabilities identified within the client's environment, and remediation SLA compliance by business unit. This allowed business units to access their data on demand and facilitated drill-down to the underlying data while providing roll-up capabilities for executive reporting.
  • Performed an assessment of the client's current Nexpose scanning capability and identified areas of opportunity and learning that would assist with Nessus implementation.
  • Performed analysis to identify the complexity of implementing a centralized ticketing system for business units to use for vulnerability management. The ticketing system was used to track vulnerability identification, assignment, and remediation.
  • Created an automation script for the vulnerability advisory services team utilizing Python. This script decreased a 6-hour process to a 15-minute process, as well as decreased the number of people needed to complete this process.
Tanium · Splunk · Vulnerability Management · Security Operations

Optiv Inc

Threat Analyst

Aug 2018 - Mar 2019 · 7 mos · Dallas-Fort Worth Metroplex

Cisco

Security Solutions Engineer

May 2018 - Aug 2018 · 3 mos · Dallas-Fort Worth Metroplex

  • Administered and provided engineering support with Cisco ISE to monitor network traffic
  • Assisted in analyzing potential security events detected in network environments and either resolve or escalate the event as appropriate
  • Deployed ISE in a wired environment to perform Dot1x port-based authentication, configure the posture policies, and perform Change of Authorization (CoA) for users connecting to the corporate network
Cisco ISE · Network Security

McAfee

Security Operations Analyst

Oct 2017 - Feb 2018 · 4 mos · Plano, Texas

  • Utilized McAfee ESM to proactively monitor, identify and analyze complex internal and external threats, including viruses, targeted attacks, and unauthorized access, and mitigate risk to IT systems
  • Conduct security research to maintain current knowledge of latest security trends and issues
  • Utilized McAfee ePO to perform investigations of network and hosts/endpoints for malicious activity, to include analysis of packet captures, and assist in efforts to detect, confirm, contain, remediate, and recover from attacks. detection systems, web application, firewalls, messaging security platforms, vulnerability scanners etc.
McAfee ESM · Security Research · Security Operations

Baylor Scott & White Health

Security Associate

Aug 2017 - Oct 2017 · 2 mos · Dallas, Texas

  • Identified malicious and anomalous activity based on event data from firewalls, WAF, IPS, and other sources utilizing Splunk, Redline, and Proofpoint
  • Performed digital forensics/malware analysis on infected PCs/laptops
  • Monitored SIEM and logging environments with Splunk for security events and alerts to threats, intrusions, and/or compromise
  • Coordinate escalations to internal support teams to ensure timely delivery of incident resolutions
  • Perform network/system/application/log intrusion detection analysis and trending

TEKsystems

2 roles

Network/Linux Administrator (100% Remote)

May 2017 - Jan 2018 · 8 mos

  • Administrate roughly 600-800 Red Hat 6 and Windows servers
  • Install new/rebuild existing servers and configure software, services, directories, storage, etc. in accordance with standards and project/operational requirements
  • Performed daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups
  • Perform ongoing performance tuning, hardware upgrades, and resource optimization as required. Configure CPU, memory, and disk partitions as required
Linux Administration · Windows Administration · System Administration

NOC and ATC Analyst

Mar 2016 - Apr 2017 · 1 yr 1 mo

  • Serve as a liaison between various support groups during system outages, managing high level bridges and working with third party vendors to remediate nationwide outages affecting millions of customers.
  • Tier 1 support for Red Hat and Windows Operating systems.
  • Responsible for the monitoring, surveillance and resolution of all incidents.
  • Respond to internal telephone calls for technical support in a timely manner and explain technical situations to non-technical individuals.
  • Perform basic systems testing and operational tasks (installation of patches, network connectivity testing, and software updates).
  • Report trends in hardware and application performance to assist senior technical personnel to predict future issues or outages.

Celanese

Information Security Analyst - Intern

May 2017 - Aug 2017 · 3 mos · Irving, Texas

  • Analyzed sensitive authentication activities and privilege combinations that could lead to abuse; monitored privileged access activity for possible abuse; monitored suspicious and/or inappropriate web activity; assessed data leakage vulnerabilities; and established baseline usage information and trends
  • Researched and applied public threat intelligence to enhance the analytic model and security of the company
  • Developed a Python script that automated application logs that was integrated within the Splunk environment.
  • Supported the company by conducting vulnerability/security assessments including security control validation, network, and web application penetration testing, and reporting by utilizing Kali Linux operating system and various security tools
  • Performed a penetration test within the printer network, resulting in 55+ printers being compromised, which included a report on remediation and how the systems were compromised
Splunk · Digital Forensics · Security Operations

Education

University of North Texas

Bachelor of Science (BS) — Integrative Studies

Jan 2017 - Jan 2018

Tarrant County College

Associate of Applied Science (A.A.S.) — Computer and Information Systems Security/Information Assurance

Jan 2016 - Jan 2017
